When Jersey Mike's Franchise Systems, a sub sandwich chain with more than 2,000 storefronts, began its digital transformation, it had eyes on revamping its mobile app. But concern about authentication lingered.
Jersey Mike's relied on a proprietary authentication system for its mobile app, a tool where customers earn points, make orders and find nearby locations.
"We know our customers have choices, and we also know they love our food, so we wanted to make sure they didn't have any reason to worry about their information being safe and secure when they use our app," Scott Scherer, CIO of Jersey Mike's Franchise Systems, told CIO Dive.
The company chose an identity as a service (IDaaS) provider to take the reigns for securing customer logins.
But restaurants have historically been slower to adopt new technologies compared to other industries, Aaron Allen, founder and chief strategist for Aaron Allen & Associates, global restaurant consultants, told CIO Dive. The food service industry is at the mercy of companies founded on technology and innovation, such as Uber Eats and Grubhub.
To ensure resilience and longevity, "there's an increasing need to stay up with industry leaders from other categories because they share the same consumer with the same expectations," said Allen.
Right now, the consumer expects privacy and ease, two demands that aren't always compatible.
Take authentication to the cloud
The cyberthreat landscape is ever-evolving and bad actors have a keen eye for manipulating vulnerable authentication keys. To respond, companies are reevaluating identity access management.
The cloud is enabling IDaaS, making identity the new security perimeter, Patrick Hevesi, Sr Director Analyst at Gartner, told CIO Dive. Because of that, companies need to have a capability that can provide authentication across everything it does, as opposed to needing multiple identities, like email addresses and passwords.
Jersey Mike's was looking for a centralized way to maintain and manage customer data as well as internal company data because it's also linked to shared customers between business partners, including Grubhub. "You don't want to have to have complex identity mapping," said Hevesi.
If a shared customer is using a single password across platforms, say between Jersey Mike's and Grubhub, companies are able to provide that ease of convenience in their authentication customers want. The same is true for employee logins.
"The less complexity I have, the easier it is to protect the identity," said Hevesi.
Why Jersey Mike's moved out of in-house
Cloud-based vendors' infrastructures are secured by a lot more money, attention and bandwidth, making it a more attractive option for security than in-house solutions.
There's a splintering in security between major technology enterprises and a restaurant.
"We knew we needed external expertise to help us, because we wanted to build the code for security right in the same place as the code for a great experience; whether a customer is trying to use a coupon, place a mobile order, or check their loyalty points balance," said Scherer.
While companies will be responsible for their consumer data, no matter where it's stored or circulated, the demands of privacy are relieved.
"What intrigues us about working with a company that provides IDaaS is that we don't have to worry about constantly updating our own systems or stack in order to feel we have control over the authentication and data security elements in our app," said Scherer.
Jersey Mike's migration to Auth0 was designed on a timeline, focused on the revamp of the sub chain's mobile app. Auth0 was able to perform bulk migration, allowing customers to continue using the app without resetting their passwords.
The cloud is enabling shared responsibilities between businesses and providers, alleviating some of the pressure of always-on security.
"A lot more organizations are going to [this] because it's based security plus the operating system. All that stuff is being managed by somebody else," said Hevesi.
While different industries have different views on relinquishing some of their security controls to a service provider, like the government, the trend is obvious: the cloud is becoming more trustworthy.
While it's possible for service providers to get hacked, it's "a lot more difficult than somebody's trying to protect the small datacenter," said Hevesi.